michael_cooney
Senior Editor

A look at VPN Security

Opinion
Aug 11, 2004 (2 mins)
Network Security, Networking, Security

* SSL remote-access gear is in some cases winning out over IPSec

Network World recently took a look at the status of core VPN technologies Secure Sockets Layer and IPSec. What our author (tgreene@nww.com) found was pretty interesting. First of all, according to a Frost & Sullivan study, SSL remote access purchases last year represent less than 5% of the $2 billion worldwide revenue taken in by IPSec remote access gear. But that will grow to 25% in four years, the firm says.

What’s particularly remarkable about that growth is that SSL gear has just one function: remote access. IPSec gear that can be used for remote access almost always includes a firewall, too, and can include intrusion detection, virus and content scanning, Web filtering and other security applications.

One of the shortcomings of SSL is that, without the use of Java or ActiveX downloads, it supports only Web applications or applications that have been customized – some say Webified – to be accessible via a browser. Not all SSL vendors support all applications in this way, so customers should check for the support they need, our author states.

And one vendor’s support for a particular application might be more complete than another’s, and again, customers should check them out.

IPSec has no such problem. Connecting via IPSec tunnel makes the remote machine a node on the corporate network, giving users the same access they get when their computer is connected directly to the LAN. While SSL doesn’t make the remote machine a corporate node, even without Java or ActiveX agents, in many cases it allows access to enough applications to meet the bulk of users’ needs.

SSL is immune to the network address translation problems that plague IPSec gear when it tries to establish tunnels through firewalls that change private IP addresses into public IP addresses. SSL traffic flows through firewall TCP port 443, which is almost always left open, so no special firewall configuration is needed as is the case with IPSec.

While there are similarities between the two technologies, the differences give the edge to SSL in many cases, users say.

For more on this story see: https://www.nwfusion.com/news/2004/072604ssl.html